CVE-2026-1363
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end.
AnalysisAI
IAQS and I6 systems by JNC have a client-side enforcement vulnerability allowing unauthenticated attackers to bypass security controls and access server functionality.
Technical ContextAI
The IAQS and I6 systems rely on client-side enforcement of server-side security (CWE-603), meaning security checks are implemented in JavaScript or the client application and can be trivially bypassed.
Affected ProductsAI
JNC IAQS JNC I6
RemediationAI
Implement server-side authentication and authorization. Client-side checks should only supplement server-side enforcement.
Same weakness CWE-603 – Use of Client-Side Authentication
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today